No Check on `_sdAmount` When Creating a Lot Results In Users Adding Bids On Lots With Zero SD Tokens & The Highest Bidder Losing His Ethers

[code423n4]

Lines of code

https://github.com/code-423n4/2023-06-stader/blob/7566b5a35f32ebd55d3578b8bd05c038feb7d9cc/contracts/Auction.sol#L51

Vulnerability details

Impact

• Since there's no check on the _sdAmount in the createLot function; anyone can create a lot with _sdAmount=0;
• This will result in users adding bids on lots with sdAmount=0.
• And since there's noway/no function for the lots[lotId].highestBidder to withdraw his bid when he discovers that he bidded on nothing; this will lead to the highestBidder losing his ethers! while other users can escape this by calling withdrawUnselectedBid function.
• So the ethers of the lots[lotId].highestBidder of this lot will be locked in the Auction contract, and he will not get any SD tokens in return.

Proof of Concept

Instances: 1

File: 2023-06-stader/contracts/Auction.sol
Line 51: lots[nextLot].sdAmount = _sdAmount;

Tools Used

Manual Testing.

Recommended Mitigation Steps

Check if _sdAmount > 0 in the createLot function before creating a lot.

Assessed type

ETH-Transfer

[Picodes]

What would be the difference with someone bypassing the proposed check with _sdAmount ~ 0 ?

[c4-judge]

Picodes marked the issue as unsatisfactory: Overinflated severity